[Bug 239894] [NEW] CVE-2008-2364 Apache2 mod_proxy_http.c DOS

Emanuele Gentili emgent at ubuntu.com
Sat Jun 14 01:26:15 BST 2008

*** This bug is a security vulnerability ***

Public security bug reported:

The ap_proxy_http_process_response function in mod_proxy_http.c in the
mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not
limit the number of forwarded interim responses, which allows remote
HTTP servers to cause a denial of service (memory consumption) via a
large number of interim responses.

** Affects: apache2 (Ubuntu)
     Importance: High
     Assignee: Emanuele Gentili (emgent)
         Status: Confirmed

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-

** Changed in: apache2 (Ubuntu)
   Importance: Undecided => High
     Assignee: (unassigned) => Emanuele Gentili (emgent)
       Status: New => Confirmed

CVE-2008-2364 Apache2 mod_proxy_http.c DOS
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

More information about the Ubuntu-server-bugs mailing list